Managing your M365 Tenant Flashcards
(55 cards)
1
Q
Roles.
A
collections of permissions that allow users and groups to perform specific tasks or functions within Microsoft 365
2
Q
Scopes.
A
Scopes are filters that limit the range or extent of a role. You can apply scopes to roles to restrict the access and management of resources within Microsoft 365.
3
Q
Assignments.
A
the links that connect roles and scopes to users and groups. Assignments are the final step in the permission model, as they determine who can do what and where within Microsoft 365
4
Q
Conditional access policies
A
access policies based on factors like user location, device type, and risk profile.
5
Q
Risk-based authentication.
A
Microsoft Entra ID evaluates user behavior and context to determine risk levels. Security teams can implement extra authentication steps when suspicious activity is detected
6
Q
Passwordless authentication
A
reduces reliance on traditional passwords
7
Q
Role Management role
A
allows users to view, create, and modify role groups in the Microsoft Defender portal.
8
Q
Billing administrator
A
- Manage all aspects of billing.
- Create and manage support tickets in the Microsoft Entra admin center
9
Q
Compliance administrator
A
- Stay compliant with any regulatory requirements.
- Manage eDiscovery cases.
- Maintain data governance policies across Microsoft 365 locations, identities, and apps.
- Monitor compliance-related policies across Microsoft 365 services.
- Manage compliance alerts.
- Perform legal and data investigations.
- Manage Data Subject Requests.
- View all Intune audit data.
10
Q
Exchange administrator
A
- Recover deleted items in a user’s mailbox.
- Determine how long to retain deleted email before the system permanently deletes it.
- Set up mailbox features such as the mailbox sharing policy, which determines how users can share calendar and contacts information with others outside of your organization.
- Set up, Send As, and Send on Behalf delegates for someone’s mailbox; for example, when an executive wants their assistant to have permission to send mail on the executive’s behalf.
- Create shared mailboxes so a group of people can monitor and send email from a common email address.
- Set up anti-spam and malware filters for the organization.
- Manage Microsoft 365 Groups.
11
Q
Global reader
A
the read-only counterpart to Global Administrator. Assign Global Reader instead of Global Administrator for planning, audits, or investigations.
12
Q
Groups administrator
A
- Create, edit, delete, and restore Microsoft 365 groups.
- Create and update group creation, expiration, and naming policies.
- Create, edit, and delete Microsoft Entra security groups.
13
Q
Helpdesk administrator
A
- Reset passwords.
- Force users to sign out.
- Manage service requests.
- Monitor service health.
14
Q
License administrator
A
- Reprocess license assignments for group-based licensing.
- Assign product licenses to groups for group-based licensing.
15
Q
Message center reader
A
monitor notifications and advisory health updates in the Message center for their organization on configured services such as Exchange, Intune, and Microsoft Teams.
16
Q
Office Apps administrator
A
- Use the Office cloud policy service to create and manage cloud-based policies for Office.
- Create and manage service requests.
- Manage the What’s New content that users see in their Office apps.
- Monitor service health.
17
Q
Password administrator
A
reset passwords for nonadministrators and Password Administrators. Users with this role have limited ability to manage passwords.
18
Q
Power Platform administrator
A
- Manage all admin features for Power Apps, Flows, and Data loss prevention policies.
- Create and manage service requests.
- Monitor service health.
19
Q
Reports reader
A
- View usage data and the activity reports in the Microsoft 365 admin center.
- Get access to the Power BI adoption content pack.
- Get access to sign-in reports and activity in Microsoft Entra ID.
- View data returned by Microsoft Graph reporting API.
20
Q
Security administrator
A
- Manage security threats and alerts.
- View reports.
- Monitor and respond to suspicious security activity.
- Assign roles.
- Manage machine groups.
- Configure endpoint threat detection and automated remediation.
- View, investigate, and respond to alerts.
- View machines/device inventory.
- View user, device, enrollment, configuration, and application information in Intune.
- Define the threshold and duration for lockouts when failed sign-in events happen.
- Configure custom banned password list or on-premises password protection.
21
Q
Service Support administrator
A
- Open and manage service requests.
- View and share message center posts.
- Monitor service health.
22
Q
SharePoint administrator
A
- Create and delete sites.
- Manage site collections and global SharePoint settings.
- Define the user profile policies and settings for the organization, including management of promoted sites.
- Create Business Connectivity Services (BCS) connections to data sources that are outside the SharePoint Online site.
- Manage records in place, which means that you can leave a document in its current location on a site, or store records in a specific archive.
- Customize the search experience for users.
- Configure SharePoint Online hybrid with an on-premises SharePoint Online site.
- Use InfoPath Forms Services in SharePoint Online to deploy the organization’s forms to its sites, enabling users to fill out these forms in a web browser.
23
Q
Teams administrator
A
- Manage and create Microsoft 365 groups.
- Manage meetings.
- Manage conference bridges.
- Manage all org-wide settings, including federation, teams upgrade, and teams client settings.
- Troubleshoot communication issues within Teams.
24
Q
User administrator
A
- Add users and groups.
- Assign licenses.
- Manage most users properties.
- Create and manage user views.
- Update password expiration policies.
- Manage service requests.
- Monitor service health.
The user admin can also complete the following actions:
- Manage usernames.
- Delete and restore users.
- Reset passwords.
- Force users to sign out.
- Update (FIDO) device keys.
25
To assign admin roles in Microsoft 365 admin center
must sign in using a Global admin account
select Users, and then select Active Users.
On the Active users page, choose the user whose administrator role you want to change. The Properties page for the user opens.
Next to Roles, select Edit.
On the Edit user roles page, choose one of the following options:
26
Powershell to get a list of all users
Get-MgUser
27
Role groups
allow administrators to assign multiple roles to one or more users, granting them the permissions assigned to all the roles in the group
28
to create a role group and assign it to a user in the Microsoft 365 admin center
you must set the Privacy setting to Private and then select the Allow admin roles to be assigned to this group check box.
After creating the group, you must reopen the group and assign the selected roles to the group.
29
Create role groups in the Microsoft Entra admin center
set the Microsoft Entra roles can be assigned to the group option to Yes
When you're creating the group, you can assign one or more Microsoft Entra roles to the group.
30
Create role groups in Windows PowerShell
Use the New-MgGroup command to create a role group.
31
administrative unit
Microsoft Entra resource that can be a container for other Microsoft Entra resources. An administrative unit can contain only users, groups, or devices.
32
Microsoft Entra Privileged Identity Management (PIM)
enables organizations to manage, control, and monitor user access. PIM provides access to resources in Microsoft Entra ID, Azure resources, and other Microsoft online services like Microsoft 365 and Microsoft Intune.
33
Eligible admins
users that need privileged access periodically, but not all-day, every day. The role is inactive until the user needs access.
34
The Privileged Role Administrator (PRA)
The Privileged Role Administrator (PRA)
35
To enable the Microsoft Adoption Score,
Sign in to the Microsoft 365 admin center as a Global Administrator.
In the Microsoft 365 admin center, in the left-hand navigation pane, select Show all, select Reports, and then select Adoption Score.
On the Adoption Score page, select the Turn on Adoption Score button.
36
Enable Microsoft 365 usage analytics
In the Microsoft 365 admin center, select Reports in the left-hand navigation pane, and then select Usage.
On the Usage page, scroll to the bottom of the page and locate the Microsoft 365 usage analytics tile. Select the Get started button.
On the Reports pane that appears, select the check box for the following setting: Make organizational usage data available to Microsoft 365 usage analytics for Power BI.
37
Microsoft 365 Backup service
pay-as-you-go consumption-based service
38
What must users do to maintain the full functionality of Microsoft 365 Apps for enterprise on their devices?
Connect to the internet at least every 30 days
39
Prohibit all users from installing Microsoft 365 Apps for enterprise
in the Microsoft 365 admin center, select ...Show all in the navigation pane.
Select Settings, and then within the group, select Org Settings.
In the Org settings window, the Services tab is displayed by default. Scroll down through the list of services and select Microsoft 365 installation options.
In the Microsoft 365 app installation options pane that appears, the Feature updates tab is displayed by default. Select the Installation tab that appears next to it.
40
The Office Deployment Tool
The Office Deployment Tool is a command-line tool that downloads and deploys Microsoft 365 Apps for enterprise to client computers. The ODT gives you more control over an Office installation. You can define:
The products and languages to install.
How to update those products.
The user's install experience.
41
Office updates: Automatic from cloud.
the default mode (typically used for home or small office installations) where updates download from the cloud. A daily task checks for updates, and when a new build is available, the client automatically receives the deltas.
42
Office Updates: Automatic from network
In managed deployments, administrators can specify (by using Group Policy or the configuration.xml file during setup) to check for updated builds from an internal source. Typically, small or medium organizations use this option.
43
Office Updates: Rerun setup.exe by using ESD
in large organizations, using an ESD such as Configuration Manager enables even more fine-grained control of update scheduling. You can use scripts or task sequences in the ESD to re-execute setup.exe /configure.
44
In which update model can administrators check for updated builds from an internal source?
Automatic from Network:
in managed deployments, administrators can specify (by using Group Policy or the configuration.xml file during setup) to check for updated builds from an internal source.
45
Update channels
provide not only new features on a monthly basis, but also security and nonsecurity updates. There are three primary update channels - Current, Monthly Enterprise, and Semi-Annual Enterprise.
46
Current Channel
provides users with the newest Office features as soon as they're ready.
47
Monthly Enterprise Channel
provides users with new Office features each month. Microsoft recommends this channel if an organization only wants to receive one update per month on a predictable release schedule.
48
Semi-Annual Enterprise Channel
Microsoft releases new features to the Semi-Annual Enterprise Channel (Preview) twice a year,
for those select devices in an organization that need extensive testing before rolling out new Office features
49
Configuring users for update channels in Microsoft 365
Navigate to the Organization settings page, and under the Services tab, select Office installation options. Select one of the following installation options:
As soon as updates are ready (Current Channel)
Once a month (Monthly Enterprise Channel)
Every six months (Semi-Annual Enterprise Channel)
50
access the Microsoft 365 Apps admin center
From the Microsoft 365 admin center, select ...Show all in the navigation pane.
Under the Admin centers group, select All admin centers.
On the All admin centers page, select Office configuration.
51
Office Customization Tool
creates the configuration files that large organizations can use to deploy Office.
52
How to see security baselines in Intune
Endpoint Security --> Security baselines
53
creating a profile that adds the Microsoft 365 Apps for enterprise security baseline to selected groups, users, or devices:
Microsoft Intune admin center, select Endpoint security in the navigation pane.
On the Endpoint security | Overview page, select Security baselines in the middle navigation pane.
On the Endpoint security | Security baselines page, select Microsoft 365 Apps for Enterprise Security Baseline from the list of security baselines.
On the Microsoft 365 Apps for Enterprise Security Baseline | Profiles page, select +Create profile from the menu bar.
On the Create a profile pane that appears, select Create. Doing so initiates the Create profile wizard.
54
How many devices can each user deploy it on (M365 Apps for enterprise)?
5
55
